Routing remote client internet traffic thru VPN


Dean Macinskas

Hello,

I have installed RRAS on my Win2K server and client, and can establish a VPN
from my remote client and see the internal server's resources. But I also
want to route my client's internet traffic (browsing and mail) through the
VPN and have my RRAS server fire off the packets to and from the office DSL
router (the purpose here is to secure my internet traffic through the VPN).
The problem seems to be that when I first establish an internet connection
from the client I get a default gateway pointing to the IP address given me
by whatever ISP I'm connecting to, and there is no default gateway
associated with the VPN connection; the result is that internet traffic
automatically bypasses the VPN in favor of the direct connection. So, I
guess I have two questions:
1. Is doing what I want to do even possible?
2. If the answer above is 'yes', how do I go about establishing the
appropriate routes? I've searched the MS Knowledge Base, and although I've
seen a few hints I cannot find a procedure that works. I cannot find any
way to define a default gateway in the standard VPN 'Properties' windows.
Thanks for your help.

Regards,
Dean P. Macinskas
 
I wish you had posted the result of ipconfig /all here. Basically, after
establishing the VPN, the traffic should go to the VPN. If not, make sure
"Use default gateway on the remote network" is selected under the properties of TCP/IP.

--
For more and other information, go to http://www.ChicagoTech.net

Don't send e-mail or reply to me unless you need consulting services.
Posting on MS newsgroup will benefit all readers and you may get more help.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on
http://www.ChicagoTech.net
Networking Solutions, http://www.chicagotech.net/networksolutions.htm
VPN Solutions, http://www.chicagotech.net/vpnsolutions.htm
VPN Process and Error Analysis, http://www.chicagotech.net/VPN process.htm
VPN Troubleshooting, http://www.chicagotech.net/vpn.htm
This posting is provided "AS IS" with no warranties.
 
When you establish a remote access connection (RAS or VPN) your current
default route is disabled (by increasing its metric), and a new default
route set up pointing to the connection's "received" IP (which really means
your new default gateway is the VPN connection itself). This happens
automatically unless you clear the "use default gateway.." box in the
connection's TCP/IP settings. See KB 254231 for details.
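
The route selection described in this reply, as an added example that is not part of the original thread: it parses `route print` output and reports whether traffic to a given destination would leave outside the VPN. The two route tables and all addresses are constructed for illustration (192.168.1.100 is the client's ISP-side address, 10.10.0.15 the address received on the VPN, 203.0.113.10 the VPN server's public address).

```python
import ipaddress

# Constructed `route print` excerpts; every address here is made up.
# First table: "use default gateway on remote network" checked.
# Second table: box cleared, so only the remote subnet goes through the VPN.
VPN_DEFAULT_GW_ON = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.100       2
          0.0.0.0          0.0.0.0       10.10.0.15      10.10.0.15       1
     203.0.113.10  255.255.255.255      192.168.1.1   192.168.1.100       1
      192.168.1.0    255.255.255.0    192.168.1.100   192.168.1.100       1
"""
VPN_DEFAULT_GW_OFF = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.100       1
         10.0.0.0        255.0.0.0       10.10.0.15      10.10.0.15       1
     203.0.113.10  255.255.255.255      192.168.1.1   192.168.1.100       1
      192.168.1.0    255.255.255.0    192.168.1.100   192.168.1.100       1
"""

def parse_routes(text):
    """Return (network, interface, metric) tuples from the Active Routes table."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or not f[4].isdigit():
            continue  # header, separator and "Default Gateway:" lines
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[1]}")
            iface = ipaddress.ip_address(f[3])
        except ValueError:
            continue
        routes.append((net, iface, int(f[4])))
    return routes

def egress_interface(routes, dest):
    """Pick the route as the IP stack does: longest prefix first, then lowest metric."""
    dest = ipaddress.ip_address(dest)
    matches = [r for r in routes if dest in r[0]]
    if not matches:
        return None
    net, iface, _ = max(matches, key=lambda r: (r[0].prefixlen, -r[2]))
    return str(iface)

def bypasses_vpn(route_print_text, vpn_ip, dest):
    """True if traffic to dest would leave on an interface other than the VPN's."""
    return egress_interface(parse_routes(route_print_text), dest) != vpn_ip
```

The host route to the VPN server stays on the ISP-side interface in both tables, because the tunnel's own packets have to travel outside the tunnel.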
 
Bill,

I understand this, and I do in fact see this behavior if I do a "route
print".

But I notice something odd: on the server, if I stop RRAS I can access the
internet (i.e., IE can see the internet), but when I start RRAS then IE can
no longer access the internet. I have RRAS set as both a LAN/WAN router and
a VPN server.

Regards,
Dean
 
I had a similar issue but I'm not using an ISA server. I instead have a
separate firewall that I wanted VPN clients to pass through when VPNing in.
This is for security reasons and to allow users the ability to access the
internet while VPNed into my network WITHOUT using split tunneling. With
that said, here is how I resolved it.
On the client I selected "use default gateway on remote network" for the
TCP/IP properties on the VPN connection. I then had them modify their IE
settings for the VPN connection to point them to my network's proxy
server (firewall) using port 80 (this could be different depending on your
firewall setup) for all internet protocols (HTTP, FTP, Gopher, etc). After
this was done, clients could then reach all internal routable subnets along
with accessing the internet. Here's a good link with pretty pictures on
setting this up:
http://www.isaserver.org/tutorials/Solving_the_Mystery_of_the_VPNRASWeb_Proxy_Client.html

cheers,
Lunchb0x
 
That is certainly the case with a proxy server setup. For a W2k/XP
client, proxy settings are connection specific. So to use a proxy server
over a RAS/VPN connection, you need to set the proxy settings for the
connection. You can do it from Control Panel | Internet Options. This allows
you to have different proxy settings for local and remote proxy servers.
 